Database mix-up let some smart doorbell users see video from others' homes

“I can see your front porch from here!”

Database mix-up let some smart doorbell users see video from others' homes

A mix-up involving two databases allowed some users of a popular smart doorbell to view live footage from complete strangers' front porches.

Earlier this month, Android Central began receiving reports from some Ring Doorbell Pro users that they could view video feeds that were not attached to their houses.

Enabled by Wi-Fi, Ring is a so-called "smart" doorbell that allows users to answer their doors anywhere via video on their smartphones.

The doorbell comes equipped with motion sensors that monitor for activity on a user's property. If triggered, those sensors send a mobile alert to the user, who can choose to enable on their smartphone a video feed transmitted from the Ring doorbell. The user can then see or interact with whatever (or whomever) triggered the sensors.

Maxresdefault

Ring touts itself as providing "a new level of security."

But not in this case.

It's freaky enough to see the video feed from another house's doorbell. It's downright disturbing to think someone else is watching your own home's front porch.

Given those privacy concerns, Android Central reached out to Ring. The company has since released the following statement:

"Security is at the core of our company and this is something Ring takes very seriously. Here's what happened. We use random numbers to generate a call ID from Ring products. We did a very robust Beta test of the new Ring Video Doorbell Pro on experimental software, and when we moved it out of Beta for the commercial launch, some customers' numbers were in two different databases. As a result, those call ID numbers were overwritten.

We believe, based on all the data we have analyzed, that this caused less than ten instances - out of more than 4 million calls per day and over 84 million calls in total - where video recordings overlapped for Ring Video Doorbell Pro users only. We are in the process of merging those databases so this will no longer occur. This issue only effected Ring Video Doorbell Pro users, not users of our other products, Ring Video Doorbell and Ring Stick Up Cam."

461354 ring video doorbell

Ring definitely should have done its due diligence and made sure all of their customers' personal information was stored in the correct location when they moved for commercial launch.

It's not as though the firm hasn't found itself in hot water before over security and privacy issues. Earlier this year, for instance, a flaw was found in Ring's "smart" doorbell that could have allowed attackers to easily steal the passwords to customers' Wi-Fi networks.

But to be fair, it's good to see the smart doorbell company taking responsibility for this latest issue. And if how it has resolved past security flaws is any indication, Ring should have everything fixed within a few weeks.

In the meantime, if you are a Ring user who can see other people's video feeds, make sure you contact the doorbell company and let them know.

Let's be honest: you'd want someone to do the same if they could view your doorstep.

(Visited 5,611 times, 1 visits today)

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , ,

2 Responses

  1. coyote

    May 18, 2016 at 12:15 am #

    People calling these things smart doesn't change the fact (no matter how many times they say it) that smart devices aren't all that smart (as is frequently demonstrated). And in this case it seems it has defied physics, being in more than one place at the same time. Or perhaps they've tapped into the fourth dimension.

    No. I would rather say that the doorbell is stupid. They should too.

  2. graphicequaliser

    May 19, 2016 at 10:41 am #

    I'd definitely "DENY" that! ;-)

Leave a Reply